<?php

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  // Page title handed to the Smarty template for the FAQ management module.
  $smarty->assign('OrbitFAQTitle', 'FAQ Management');

  // Standard Functions
  /**
   * Renumber every row of `orbitfaq` so that faq_order runs 10, 20, 30, ...
   * following the current faq_order sequence.
   *
   * The $faq argument is accepted but never read, and nothing is returned,
   * so callers that assign the result receive null.
   *
   * NOTE(review): when a query fails, the die() message contains the full SQL
   * text. Consider logging it server-side instead of sending it to the browser.
   *
   * @param mixed $faq Unused.
   * @return void
   */
  function ReOrderFAQ($faq)
    {
      // Plain require (not require_once) on every call: the $faqsql_* callables
      // and $sql_query_error used below are not globals in this scope, so they
      // presumably come from these two files - confirm before changing.
      require('../incs/config.inc.php');
      require('../incs/db.inc.php');

      $select_sql = "SELECT * from orbitfaq ORDER BY faq_order ASC";
      // `or` (not `||`) so the assignment binds before the die() fallback.
      $rows = $faqsql_query($select_sql) or die("$sql_query_error $select_sql");

      $position = 0;

      while ($row = $faqsql_fetch_array($rows))
        {
          // First column of the row is used as the FAQ id.
          $id = $row[0];
          $position += 10;

          $update_sql = "UPDATE `orbitfaq` SET `faq_order` = '$position' WHERE `id` = '$id';";
          $updated = $faqsql_query($update_sql) or die("$sql_query_error $update_sql");
        }
    }

  if($action != '')
    {
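      // Template for the requested action: mod_<mod>_<action>.tpl inside the admin skin.
      // NOTE(review): $mod, $action and $AdminSkin are set outside this file and are
      // concatenated straight into a filesystem path. Confirm they are limited to a
      // fixed set of names before this point; an unrecognised $action still reaches
      // this line even though none of the branches below handles it.
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod ."_". $action .".tpl";

      if($action == 'create')
        {

          // Group ids ticked on the form. $posted_groups is populated outside this
          // file, so accept it only as an array and reduce every entry to an integer
          // before it is compared or written into SQL (group ids are used as bare
          // numeric values elsewhere in this file).
          $selected_group_ids = array();
          if(isset($posted_groups) && is_array($posted_groups))
            {
              foreach($posted_groups as $groupacl)
                {
                  $selected_group_ids[] = (int)$groupacl;
                }
            }

          if($posted == 'yes')
            {

              // Start from an empty error string unless one was already set upstream.
              if(!isset($error)){ $error = ''; }

              // NOTE(review): strip_tags() removes markup but leaves quotes and
              // backslashes untouched. Unless something outside this file escapes
              // them, title and description can break out of the quoted SQL literals
              // in the INSERT below. Escape them with the database layer's own
              // escaping routine, or bind them as parameters.
              $posted_title = strip_tags($_POST['posted_title']);
              $posted_desc = strip_tags($_POST['posted_desc']);
              $posted_allowuserposts = sanitize_paranoid_string($_POST['posted_allowuserposts']);
              $posted_public = sanitize_paranoid_string($_POST['posted_public']);

              if(!$posted_title){ $error .= " &raquo; You did not enter a <u>Title</u><br />"; }
              if(!$posted_desc){ $error .= " &raquo; You did not enter a <u>Description</u><br />"; }

              if(!$error)
                {

                  $query_add = "INSERT INTO `orbitfaq` (
                      `title`,
                      `desc`,
                      `allow_user_posts`,
                      `public`
                    )VALUES(
                      '$posted_title',
                      '$posted_desc',
                      '$posted_allowuserposts',
                      '$posted_public'
                    );

                  ";

                  // NOTE(review): on failure the die() output includes the full SQL text.
                  $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");
                  $faq_id = $faqsql_insertid();

                  // Grant each selected group access to the new FAQ.
                  foreach($selected_group_ids as $groupacl)
                    {
                      $query_addacl = "INSERT INTO `orbitfaq_groups_access` (
                          `f_id`,
                          `g_id`
                        )VALUES(
                          '$faq_id',
                          '$groupacl'
                        );

                      ";
                      $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                    }

                  // Record the creating admin as owner of the new FAQ.
                  $query_addacl = "INSERT INTO `orbitfaq_admins_ownership` (`admin_id`,`f_id`)VALUES('$orbitfaq_userid','$faq_id');";
                  $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");

                  // Renumber faq_order so the new row takes its place in the sequence.
                  $order = ReOrderFAQ($faq);

                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  $message = "New FAQ Was Successfully Created!";
                  header("Location: index.php?mod=$mod&message=$message");

                  exit;

                }
              else
                {
                  // Validation failed: hand the submitted values back to the form.
                  $smarty->assign("posted_title","$posted_title");
                  $smarty->assign("posted_desc","$posted_desc");
                  $smarty->assign("posted_allowuserposts","$posted_allowuserposts");
                  $smarty->assign("posted_public","$posted_public");
                  $smarty->assign("Errors","$error");

                }

            }

          $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
          $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

          // Always hand the template an array, even when no groups exist.
          $smarty_grouppd_array = array();

          while ($row_groups = $faqsql_fetch_array ($result_groups)){
            $group_id = $row_groups[0];
            $group_title = $row_groups[1];

            // Set on every pass so a stale or undefined value never reaches the template.
            $group_selected = in_array($group_id, $selected_group_ids) ? 'selected' : '';

             // Build Smarty Content Array
             $smarty_grouppd_array[] = array(
                "group_id" => "$group_id",
                "group_title" => "$group_title",
                "group_selected" => "$group_selected"
              );

            }

          // Send our Smarty Data
          $smarty->assign('GroupPulldown',$smarty_grouppd_array);

        } // End Create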
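    elseif($action == 'modify')
      {
        if($faq != '')
          {

            // $faq is set outside this file. orbitfaq.id values originate from the
            // database insert id (see the create action), so an integer cast keeps
            // anything else out of the SQL and template values below.
            $faq_sql_id = (int)$faq;

            // Group ids ticked on the form, also set outside this file: accept only
            // an array and reduce every entry to an integer.
            $selected_group_ids = array();
            if(isset($posted_groups) && is_array($posted_groups))
              {
                foreach($posted_groups as $groupacl)
                  {
                    $selected_group_ids[] = (int)$groupacl;
                  }
              }

            // Lets check that this user has access to this faq
            // NOTE(review): access is refused only when the helper returns something
            // loosely equal to '0'. Confirm CheckAdminAccess() cannot return null or
            // an empty value for a user who should be denied.
            $SuperAdmin = CheckAdminAccess($faq, $ca, $qn, $accesslvl, $orbitfaq_userid);

            if($SuperAdmin == '0')
              {

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                $message = "You do not have access to modify this FAQ!";
                header("Location: index.php?mod=$mod&message=$message");

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
                exit;
              }

            // Always hand the template an array, even when no groups exist.
            $smarty_grouppd_array = array();

            if($posted == 'yes')
              {

                // Start from an empty error string unless one was already set upstream.
                if(!isset($error)){ $error = ''; }

                // NOTE(review): strip_tags() removes markup but leaves quotes and
                // backslashes untouched. Unless something outside this file escapes
                // them, title and description can break out of the quoted SQL
                // literals in the UPDATE below. Escape them with the database
                // layer's own escaping routine, or bind them as parameters.
                $posted_title = strip_tags($_POST['posted_title']);
                $posted_desc = strip_tags($_POST['posted_desc']);
                $posted_allowuserposts = sanitize_paranoid_string($_POST['posted_allowuserposts']);
                $posted_public = sanitize_paranoid_string($_POST['posted_public']);

                if(!$posted_title){ $error .= " &raquo; You did not enter a <u>Title</u><br />"; }
                if(!$posted_desc){ $error .= " &raquo; You did not enter a <u>Description</u><br />"; }

                if(!$error)
                  {

                    // Replace the FAQ's group access list: drop every row, then
                    // re-insert the groups selected on the form.
                    // NOTE(review): on failure the die() output includes the full SQL text.
                    $query_delete = "DELETE FROM `orbitfaq_groups_access` WHERE `f_id` = '$faq_sql_id';";
                    $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                    foreach($selected_group_ids as $groupacl)
                      {
                        $query_addacl = "INSERT INTO `orbitfaq_groups_access` (
                            `f_id`,
                            `g_id`
                          )VALUES(
                            '$faq_sql_id',
                            '$groupacl'
                          );

                        ";
                        $result_addacl = $faqsql_query ($query_addacl)OR DIE( "$sql_query_error $query_addacl");
                      }

                    $query_update = "UPDATE `orbitfaq` SET
                        `title` = '$posted_title',
                        `desc` = '$posted_desc',
                        `allow_user_posts` = '$posted_allowuserposts',
                        `public` = '$posted_public'
                        WHERE `id` = '$faq_sql_id'
                      ;

                    ";

                    $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                    $message = "FAQ Was Successfully Modified!";
                    header("Location: index.php?mod=$mod&message=$message");

                    exit;

                  }
                else
                  {

                    // Validation failed: rebuild the group pulldown from the
                    // submitted selection and hand the posted values back.
                    $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
                    $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

                    while ($row_groups = $faqsql_fetch_array ($result_groups)){
                      $group_id = $row_groups[0];
                      $group_title = $row_groups[1];

                      // Set on every pass so no stale value reaches the template.
                      $group_selected = in_array($group_id, $selected_group_ids) ? 'selected' : '';

                       // Build Smarty Content Array
                       $smarty_grouppd_array[] = array(
                          "group_id" => "$group_id",
                          "group_title" => "$group_title",
                          "group_selected" => "$group_selected"
                        );

                      }

                    $smarty->assign('GroupPulldown',$smarty_grouppd_array);
                    $smarty->assign("posted_id","$faq_sql_id");
                    $smarty->assign("posted_title","$posted_title");
                    $smarty->assign("posted_desc","$posted_desc");
                    $smarty->assign("posted_allowuserposts","$posted_allowuserposts");
                    $smarty->assign("posted_public","$posted_public");
                    $smarty->assign("Errors","$error");

                  }

              }
            else
              {

                // First display of the form: load the stored FAQ and its group access.
                $query_faq = "SELECT * from orbitfaq WHERE `id` = '$faq_sql_id' ORDER BY faq_order ASC";
                $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

                while ($row_faq = $faqsql_fetch_array ($result_faq)){
                  $faq_id = $row_faq[0];
                  $faq_title = $row_faq[1];
                  $faq_desc = $row_faq[2];
                  $faq_allow_user_posts = $row_faq[3];
                  $faq_public = $row_faq[4];

                  $query_groups = "SELECT * from orbitfaq_groups ORDER BY title";
                  $result_groups = $faqsql_query ($query_groups)OR DIE( "$sql_query_error $query_groups");

                  while ($row_groups = $faqsql_fetch_array ($result_groups)){
                    $group_id = $row_groups[0];
                    $group_title = $row_groups[1];

                    // Is this group already granted access to the FAQ?
                    // $group_id comes from the orbitfaq_groups row read just above.
                    $query_groupacl = "SELECT * from orbitfaq_groups_access WHERE g_id = $group_id AND f_id = '$faq_sql_id'";
                    $result_groupsacl = $faqsql_query ($query_groupacl)OR DIE( "$sql_query_error $query_groupacl");
                    $count_groupsacl = $faqsql_count_rows($result_groupsacl);

                    $group_selected = ($count_groupsacl != '0') ? 'selected' : '';

                     // Build Smarty Content Array
                     $smarty_grouppd_array[] = array(
                        "group_id" => "$group_id",
                        "group_title" => "$group_title",
                        "group_selected" => "$group_selected"
                      );

                  }

                  // Send our Smarty Data
                  $smarty->assign('GroupPulldown',$smarty_grouppd_array);

                  // Assign our smarty details
                  $smarty->assign("posted_id","$faq_id");
                  $smarty->assign("posted_title","$faq_title");
                  $smarty->assign("posted_desc","$faq_desc");
                  $smarty->assign("posted_allowuserposts","$faq_allow_user_posts");
                  $smarty->assign("posted_public","$faq_public");

                }

              }

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");

            // Stop here like the other redirecting branches; without it the script
            // keeps running after the Location header has been queued.
            exit;
          }
      } // End Modify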

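    elseif($action == 'delete')
      {
        if($faq != '')
          {

            // $faq is set outside this file. orbitfaq.id values originate from the
            // database insert id (see the create action), so an integer cast keeps
            // anything else out of the SQL below.
            $faq_sql_id = (int)$faq;

            // Lets check that this user has access to this faq
            // NOTE(review): access is refused only when the helper returns something
            // loosely equal to '0'. Confirm CheckAdminAccess() cannot return null or
            // an empty value for a user who should be denied.
            $SuperAdmin = CheckAdminAccess($faq, $ca, $qn, $accesslvl, $orbitfaq_userid);

            if($SuperAdmin == '0')
              {

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                $message = "You do not have access to delete this FAQ!";
                header("Location: index.php?mod=$mod&message=$message");

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
                exit;
              }

            // Defined up front so the display code below never reads unset values.
            if(!isset($error)){ $error = ''; }
            if(!isset($posted_faq)){ $posted_faq = ''; }
            $build_faq_pulldown = '';

            if($posted == 'yes')
              {

                $posted_confirmation = sanitize_paranoid_string($_POST['posted_confirmation']);
                $posted_faq = sanitize_paranoid_string($_POST['posted_faq']);

                // Destination FAQ for the "move contents" option, as an integer id.
                $target_faq_id = (int)$posted_faq;

                // NOTE(review): $faq_id is not assigned until the lookup further down,
                // so this looks like it was meant to pass $posted_faq - confirm against
                // the template before changing it.
                $smarty->assign("posted_faq","$faq_id");

                // Anything other than an explicit "delete everything" (1) needs a
                // usable destination FAQ. Previously only confirmation == 0 was
                // checked, so a missing confirmation with no destination fell through
                // to the move branch, re-pointed the categories at an empty id and
                // then deleted the FAQ. The FAQ being deleted is not a valid
                // destination either.
                if(($posted_confirmation != '1')AND(($target_faq_id < 1)OR($target_faq_id == $faq_sql_id))){ $error .= " &raquo; You did not select an appropriate <u>Confirmation</u> and <u>New FAQ</u><br />"; }

                if(!$error)
                  {
                    if($posted_confirmation == '1')
                      {

                        // Walk every question in this FAQ.
                        // NOTE(review): on failure the die() output includes the full SQL text.
                        $query_qn = "SELECT id FROM `orbitfaq_questions` WHERE f_id = '$faq_sql_id'";
                        $result_qn = $faqsql_query ($query_qn)OR DIE( "$sql_query_error $query_qn");

                        while ($row_qn = $faqsql_fetch_array ($result_qn)){
                          $qn_id = $row_qn[0];

                          // Check if the Answer is assigned to multiple Questions
                          $query_ans = "SELECT COUNT(*) FROM `orbitfaq_questions` WHERE a_id = (SELECT id from orbitfaq_answers WHERE `id` = ANY(SELECT a_id from `orbitfaq_questions` WHERE `id` = '$qn_id'));";
                          $result_ans = $faqsql_query ($query_ans)OR DIE( "$sql_query_error $query_ans");

                          while ($row_ans = $faqsql_fetch_array ($result_ans)){
                            $answ_count = $row_ans[0];

                            // Only remove the answer when no other question uses it.
                            if($answ_count <= '1')
                              {
                                $query_delete = "DELETE FROM orbitfaq_answers WHERE `id` = (SELECT a_id from `orbitfaq_questions` WHERE `id` = '$qn_id');";
                                $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");
                              }

                          }

                        }

                        // Delete Questions
                        $query_delete = "DELETE FROM `orbitfaq_questions` WHERE `f_id` = '$faq_sql_id';";
                        $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                        // Delete Categories
                        $query_delete = "DELETE FROM `orbitfaq_categories` WHERE `f_id` = '$faq_sql_id';";
                        $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                        $sub_message = ' as well as All Categories, Questions and Answers';

                      }
                    else
                      {
                        // Move our Categories
                        // NOTE(review): only orbitfaq_categories is re-pointed here,
                        // while the delete path above also finds questions by f_id.
                        // Confirm that questions follow their category, otherwise
                        // they keep the id of the FAQ removed below.
                        $query_update = "UPDATE `orbitfaq_categories` SET
                            `f_id` = '$target_faq_id' WHERE `f_id` = '$faq_sql_id';
                        ";

                        $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                        $sub_message = ' and All Categories, Questions and Answers were moved';
                      }

                    // Delete Our Users ACL
                    $query_delete = "DELETE FROM `orbitfaq_groups_access` WHERE `f_id` = '$faq_sql_id';";
                    $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                    // Delete Our FAQ
                    $query_delete = "DELETE FROM `orbitfaq` WHERE `id` = '$faq_sql_id';";
                    $result_delete = $faqsql_query ($query_delete)OR DIE( "$sql_query_error $query_delete");

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                    $message = "FAQ was Successfully Deleted$sub_message!";
                    header("Location: index.php?mod=$mod&message=$message");

                    exit;

                  }

              }

            // Confirmation form (first display, or redisplay after an error).
            $query_faq = "SELECT * from orbitfaq WHERE `id` = '$faq_sql_id' ORDER BY faq_order ASC";
            $result_faq = $faqsql_query ($query_faq)OR DIE( "$sql_query_error $query_faq");

            while ($row_faq = $faqsql_fetch_array ($result_faq)){
              $faq_id = $row_faq[0];
              $faq_title = $row_faq[1];
              $faq_desc = $row_faq[2];
              $faq_allow_user_posts = $row_faq[3];
              $faq_public = $row_faq[4];

              // Assign our smarty details
              $smarty->assign("Errors","$error");
              $smarty->assign("posted_id","$faq_id");
              $smarty->assign("posted_title","$faq_title");
              $smarty->assign("posted_desc","$faq_desc");
              $smarty->assign("posted_allowuserposts","$faq_allow_user_posts");
              $smarty->assign("posted_public","$faq_public");

            }

            // Every other FAQ is a candidate destination for the moved content.
            $query_faq_pd = "SELECT * from orbitfaq WHERE `id` != '$faq_sql_id' ORDER BY faq_order ASC";
            $result_faq_pd = $faqsql_query ($query_faq_pd)OR DIE( "$sql_query_error $query_faq_pd");
            $count_faq_pd = $faqsql_count_rows($result_faq_pd);

            while ($row_faq_pd = $faqsql_fetch_array ($result_faq_pd)){
              $faq_pd_id = $row_faq_pd[0];
              $faq_pd_title = $row_faq_pd[1];

              if((!$posted_faq)AND($faq == $faq_pd_id))
                {
                  $selected = " selected";
                }
              elseif(($posted_faq)AND($faq_pd_id == $posted_faq))
                {
                  $selected = " selected";
                }
              else
                {
                  $selected = "";
                }

              // NOTE(review): the stored title is written into HTML as-is. Titles pass
              // through strip_tags() when saved in this file, but confirm whether the
              // template or this line should HTML-escape it.
              $build_faq_pulldown .= "<option value='$faq_pd_id' $selected>$faq_pd_title</option>\n";

            }

            $smarty->assign("FAQPulldown","$build_faq_pulldown");

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");

            // Stop here like the other redirecting branches; without it the script
            // keeps running after the Location header has been queued.
            exit;
          }
      } // End Delete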

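    elseif($action == 'move')
      {
        // NOTE(review): unlike modify, delete and chstatus, this branch never calls
        // CheckAdminAccess(), and no anti-CSRF token is checked here. Confirm both
        // are enforced before this file runs, or add the same access check the
        // sibling branches use.
        if($faq != '')
          {

            // $faq is set outside this file. orbitfaq.id values originate from the
            // database insert id (see the create action), so cast to an integer.
            $faq_sql_id = (int)$faq;

            if($posted != '')
              {
                // $posted is the signed amount added to faq_order. It is written
                // into the statement without quotes, so force it to an integer;
                // anything non-numeric becomes 0 and leaves the order unchanged.
                $move_offset = is_scalar($posted) ? (int)$posted : 0;

                // NOTE(review): on failure the die() output includes the full SQL text.
                $query_update_order = "UPDATE `orbitfaq` SET faq_order = faq_order + $move_offset WHERE `id` = '$faq_sql_id';";
                $result_update_order = $faqsql_query ($query_update_order)OR DIE( "$sql_query_error $query_update_order");
              }

            // Renumber faq_order in steps of ten after the shift.
            $order = ReOrderFAQ($faq);

            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Have Successfully Moved the FAQ!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;
          }
      } // End Move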

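    elseif($action == 'chstatus')
      {
        // NOTE(review): no anti-CSRF token is checked in this branch; confirm one
        // is enforced before this file runs.
        if($faq != '')
          {

            // $faq is set outside this file. orbitfaq.id values originate from the
            // database insert id (see the create action), so cast to an integer.
            $faq_sql_id = (int)$faq;

            // Lets check that this user has access to this faq
            // NOTE(review): access is refused only when the helper returns something
            // loosely equal to '0'. Confirm CheckAdminAccess() cannot return null or
            // an empty value for a user who should be denied.
            $SuperAdmin = CheckAdminAccess($faq, $ca, $qn, $accesslvl, $orbitfaq_userid);

            if($SuperAdmin == '0')
              {

                clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                $message = "You do not have access to change the status of this FAQ!";
                header("Location: index.php?mod=$mod&message=$message");

                exit;
              }

            if($posted != '')
              {
                // The status value is written into the statement without quotes,
                // so accept nothing but a plain integer.
                $status_value = is_scalar($posted) ? trim($posted) : '';

                if(!preg_match('/^-?[0-9]+$/', $status_value))
                  {
                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                    $message = "You Did Not Enter a Valid FAQ Status!";
                    header("Location: index.php?mod=$mod&message=$message");
                    exit;
                  }

                $status_value = (int)$status_value;

                // NOTE(review): on failure the die() output includes the full SQL text.
                $query_update_order = "UPDATE `orbitfaq` SET status = $status_value WHERE `id` = '$faq_sql_id';";
                $result_update_order = $faqsql_query ($query_update_order)OR DIE( "$sql_query_error $query_update_order");
              }

            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Have Successfully Changed the FAQ Status!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;

          }
        else
          {
            clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

            $message = "You Did Not Enter a Valid FAQ Id!";
            header("Location: index.php?mod=$mod&message=$message");
            exit;
          }
      } // End Chstatus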

    }
  else
    {
      // No action requested: list every FAQ with its flags and access markers.
      // NOTE(review): $mod and $AdminSkin are set outside this file and end up in a
      // filesystem path; confirm they are limited to known names upstream.
      $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_". $mod .".tpl";

      $query_faq = "SELECT * from orbitfaq ORDER BY faq_order ASC";
      $result_faq = $faqsql_query ($query_faq) or die( "$sql_query_error $query_faq");

      while ($row_faq = $faqsql_fetch_array ($result_faq))
        {
          // Columns are read by position from the SELECT * result.
          $faq_id = $row_faq[0];
          $faq_title = $row_faq[1];
          $faq_desc = $row_faq[2];
          $faq_allow_user_posts = $row_faq[3];
          $faq_public = $row_faq[4];
          $faq_order = $row_faq[5];
          $faq_status = $row_faq[6];

          // Turn the stored 1/other flags into the labels the template shows.
          $faq_user_posts = ($faq_allow_user_posts == '1') ? "yes" : "no";
          $faq_access = ($faq_public == '1') ? "public" : "groups";

          // Flip between '1' and '0' on each row (the template gets it as faq_row).
          $faq_row = ($faq_row == '1') ? '0' : '1';

          // Does the logged-in admin own this FAQ?
          $query_faqacl = "SELECT * from orbitfaq_admins_ownership WHERE f_id = '$faq_id' AND `admin_id` = '$orbitfaq_userid'";
          $result_faqacl = $faqsql_query ($query_faqacl) or die( "$sql_query_error $query_faqacl");
          $count_faqacl = $faqsql_count_rows($result_faqacl);
          $faq_aclaccess = ($count_faqacl != '0') ? '1' : '0';

          // Is at least one group granted access to this FAQ?
          $query_groupacl = "SELECT id from orbitfaq_groups_access WHERE f_id = '$faq_id'";
          $result_groupacl = $faqsql_query ($query_groupacl) or die( "$sql_query_error $query_groupacl");
          $count_groupacl = $faqsql_count_rows($result_groupacl);
          $group_access = ($count_groupacl != '0') ? '1' : '0';

          // One entry per FAQ for the listing template.
          $smarty_faq_array[] = array(
            "faq_id" => "$faq_id",
            "faq_title" => "$faq_title",
            "faq_desc" => "$faq_desc",
            "faq_allow_user_posts" => "$faq_user_posts",
            "faq_public" => "$faq_access",
            "faq_order" => "$faq_order",
            "faq_status" => "$faq_status",
            "faq_row" => "$faq_row",
            "faq_aclaccess" => "$faq_aclaccess",
            "group_access" => "$group_access"
          );
        }

      // Hand the collected rows to Smarty.
      $smarty->assign('FAQListing',$smarty_faq_array);
    }
?>